diff --git a/meshcentral.js b/meshcentral.js index 91345bfd..40d57361 100644 --- a/meshcentral.js +++ b/meshcentral.js @@ -540,6 +540,24 @@ function CreateMeshCentralServer(config, args) { } catch (ex) { callback({ current: getCurrentVersion() }, ex); } // If the system is running out of memory, an exception here can easily happen. }; + // Use NPM to get list of versions + obj.getServerVersions = function (callback) { + try { + var child_process = require('child_process'); + var npmpath = ((typeof obj.args.npmpath == 'string') ? obj.args.npmpath : 'npm'); + var npmproxy = ((typeof obj.args.npmproxy == 'string') ? (' --proxy ' + obj.args.npmproxy) : ''); + var env = Object.assign({}, process.env); // Shallow clone + if (typeof obj.args.npmproxy == 'string') { env['HTTP_PROXY'] = env['HTTPS_PROXY'] = env['http_proxy'] = env['https_proxy'] = obj.args.npmproxy; } + var xxprocess = child_process.exec(npmpath + npmproxy + ' view meshcentral versions --json', { maxBuffer: 512000, cwd: obj.parentpath, env: env }, function (error, stdout, stderr) { }); + xxprocess.data = ''; + xxprocess.stdout.on('data', function (data) { xxprocess.data += data; }); + xxprocess.stderr.on('data', function (data) { }); + xxprocess.on('close', function (code) { + (code == 0) ? callback(xxprocess.data) : callback('{}'); + }); + } catch (ex) { callback('{}'); } + }; + // Initiate server self-update obj.performServerUpdate = function (version) { if (obj.serverSelfWriteAllowed != true) return false; diff --git a/meshuser.js b/meshuser.js index ca30526a..26ef39e8 100644 --- a/meshuser.js +++ b/meshuser.js @@ -1192,11 +1192,37 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use if (cmdargs['_'].length > 0) { version = cmdargs['_'][0]; + + // This call is SLOW. We only want to validate version if we have to + if (version != 'stable' && version != 'latest') { + parent.parent.getServerVersions((data) => { + var versions = JSON.parse(data); + + if (versions.includes(version)) { + if (parent.parent.performServerUpdate(version) == false) { + try { + ws.send(JSON.stringify({ action: 'serverconsole', + value: 'Server self-update not possible.'})); + } catch (ex) { } + } + } else { + try { + ws.send(JSON.stringify({ action: 'serverconsole', + value: 'Invalid version. Aborting update'})); + } catch (ex) { } + } + }); + } else { + if (parent.parent.performServerUpdate(version) == false) { + r = 'Server self-update not possible.'; + } + } + } else { + if (parent.parent.performServerUpdate(version) == false) { + r = 'Server self-update not possible.'; + } } - if (parent.parent.performServerUpdate(version) == false) { - r = 'Server self-update not possible.'; - } break; } case 'print': {